Privacy By Design For Everyone

News 2021

Good News for Members with Mifi 8000 Hotspots!

Attention members with Mifi 8000 wireless hotspots! Your device will no longer work on or around June 1st, 2022. We will be automatically sending you a free replacement M2000 hotspot at no cost to you soon. To receive this replacement, you must log in to your Calyx Institute account at members.calyxinstitute.org and confirm that your shipping address is up-to-date and correct by April 1. This can be done in the Profile tab in your account.

If the address is accurate, you do not need to do anything further and we will send a replacement hotspot and instructions for activating it within the next two months. If the address is incorrect, please update it with a current shipping address.

The last day to reactivate your current membership/hotspot is April 1st, 2022. If your membership has expired and your hotspot has been turned off, please reactivate it before this date if you want to maintain your current membership with us. Only members with currently active memberships will be getting their device replaced free of charge. If you want your hotspot to be replaced, you must reactivate by April 1st, 2022.

T-Mobile is incorporating the Sprint network into their 4G and 5G networks. As part of this, some devices, including the Mifi 8000 hotspot, will not be able to access Sprint's network. However, we are working with our hardware provider Mobile Citizen to replace old devices like yours for free.

Your Mifi 8000 device will be replaced with a 5G M2000 to maintain access to the T-Mobile network. This will make you a Sustainer member with The Calyx Institute. The renewal dues for your Sustainer membership will be exactly the same amount as the renewal dues for your Contributor Plus membership that includes your Mifi 8000. To confirm your replacement, please update your address information in the profile tab after signing in here: members.calyxinstitute.org. More info on the M2000 can be found here: calyxinstitute.org/help/hotspot-devices/hotspot-models/mifi-m2000

An automated UPS email will be sent at time of shipment to give you an idea of when your hotspot will arrive. Please confirm your current email address in the profile tab of your Calyx Institute membership account.

You do not need to return your old device to us. You may dispose of the device in any way you like. We strongly encourage our members to recycle their electronic devices. Stores like Best Buy and Staples will often recycle old electronics. This can be done in store, but many stores also accept a mail in option. Contact your local electronic store for more details.

Your Calyx Institute membership benefits will still include unlimited 4G (and now 5G!) data and no throttling, as always. No other aspect of your Calyx Institute membership will change, aside from your device and its SIM card. If you run into any hardware issues with your new device, please contact our hardware supplier Mobile Citizen for tech support at 877-216-9603 or email them at support@mobilecitizen.org to troubleshoot any issues or to start a warranty replacement if needed.

Don’t hesitate to email us at help@calyxinstitute.org if there’s anything we can do to make your Calyx Institute membership great!

Thanks,
The Calyx Institute Team

Attention Members with CoolPad Surf, Pocket Wifi, Franklin R910, and R850 hotspots!

Members with CoolPad Surf, Pocket Wifi, Franklin R910, and R850 hotspots, your wireless hotspot will no longer work on or around June 1st, 2022. We will be automatically sending you a free replacement hotspot at no cost to you. To receive this replacement, you must log in to your Calyx Institute account at members.calyxinstitute.org and confirm that your shipping address is up-to-date and correct. This can be done in the Profile tab in your account.

If the address is accurate, you do not need to do anything further and we will send a replacement hotspot and instructions for activating it within the next two months. If the address is incorrect, please update it with a current shipping address.

The last day to reactivate your CoolPad Surf, Pocket Wifi, Franklin R910, or R850 hotspot is April 1st, 2022. If your membership has expired and your hotspot has been turned off, please reactivate it before this date if you want to maintain your current membership with us. If you reactivate before April 1st, your device will be eligible for the free replacement.

T-Mobile is incorporating the Sprint network into their 4G and 5G networks. As part of this, some devices, including CoolPad Surf, Pocket Wifi, Franklin R910, and R850 hotspots will not be able to access Sprint's network. However, we are working with our hardware provider Mobile Citizen to replace old devices like yours for free. Please ensure that your shipping address is accurate and up-to-date by logging in to your account at members.calyxinstitute.org so we can deliver the replacement device before your old model no longer provides wireless internet access.

Your device will be replaced with a 4G Franklin T9 to maintain access to the T-Mobile network. To confirm your replacement, please update your address information in the profile tab after signing in here: members.calyxinstitute.org

An automated UPS email will be sent at time of shipment to give you an idea of when your hotspot will arrive. Please confirm your current email address in the profile tab of your Calyx Institute membership account.

You do not need to return your old device to us. You may dispose of the device in any way you like. We strongly encourage our members to recycle their electronic devices. Stores like Best Buy and Staples will often recycle old electronics. This can be done in store, but many stores also accept a mail in option. Contact your local electronic store for more details.

Your Calyx Institute membership benefits will still include unlimited 4G data and no throttling, as always. No other aspect of your Calyx Institute membership will change, aside from your device and its SIM card. If you run into any hardware issues with your new device, please contact our hardware supplier Mobile Citizen for tech support at 877-216-9603 or email them at support@mobilecitizen.org to troubleshoot any issues or to start a warranty replacement if needed.

Don’t hesitate to email us at help@calyxinstitute.org if there’s anything we can do to make your Calyx Institute membership great!

Thanks,
The Calyx Institute Team

Digital Privacy and Security Survey 2021

We're excited to release our analysis of our first Digital Privacy and Security Survey. The survey and analysis were conducted by Maya Ninova between October and December 2021. With this survey, we sought to provide insights about people’s attitudes towards digital privacy and security, identify their awareness of protection and protective behavior, and explore internet users' knowledge and concerns related to digital privacy and security.

A total of 1146 individuals aged 18 years and over from different parts of the world responded the online survey, which contained 34 questions, available in Spanish and English. This online survey is based on non-random sampling and therefore we cannot draw conclusions for the entire population nor make predictions, but we hope that it serves as a useful foundation for future research.

This survey was funded by Internews' BASICS program. The full survey is available here.

The Pixel 4a (5G) with CalyxOS installed is now available as part of our new Privacy Hero Membership!

We're pleased to announce that we're now offering the Pixel 4a (5G) with CalyxOS preinstalled as part of our new Privacy Hero level membership. The Pixel 4a (5G) has a 6.2" Full HD+ OLED display, Sub-6 5G (no mmWave), 12 MP dual-pixel & 16 MP ultrawide lens, a long lasting battery, and a 3.5mm headphone jack. The phone can also be used as a 5G hotspot, data provided by your mobile carrier. As with all CalyxOS Memberships, our privacy phones do not come with a voice or data plan and you must add your own SIM card. The phone comes with our privacy based OS preinstalled, with continual over-the-air updates and support by the CalyxOS team into 2024.

The yearly dues for our Privacy Hero membership are $700 for the first year, with renewal dues at $10 the subsequent years. The Privacy Hero membership is not available as a quarterly membership.

CalyxOS is a project of the Calyx Institute. Our OS is guided by the principles of privacy, security, usability, and the support and use of free software. To learn more about CalyxOS, vist here: https://calyxos.org/

To become a CalyxOS Privacy Hero, enroll here: https://calyxinstitute.org/membership/calyxos/

Microgrant: S.T.O.P. Surveillance Technology Oversight Project: Ban the Scan Campaign

We are excited to continue our partnership with the Surveillance Technology Oversight Project (S.T.O.P.) by making them one of our recipients of our Regional & Local Privacy Microgrants! We previously supported S.T.O.P. through our Microgrant project to support their work in publishing reports on the New York Police Department's compliance with privacy policies under the new POST Act, and on the implementation and impact of Community Control of Police Surveillance (CCOPS) legislation around the country. S.T.O.P. is a non-profit advocacy organization and legal services provider fighting to abolish local governments’ systems of mass surveillance.

S.T.O.P. uses a combination of education, advocacy, and litigation to research, expose, and abolish mass surveillance and support privacy. Their work focuses on the disproportionate and negative outcomes surveillance has on Muslim Americans, immigrants, the LGBTQ+ community, Indigenous peoples, and communities of color. For example, S.T.O.P. started the Ban the Scan Campaign in 2021, which highlighted the discriminatory and violent use of facial recognition on communities of color in NYC. Facial recognition has already led to the arrest of several innocent Black men. These arrests highlight facial recognition’s biased, flawed, and discriminatory use.

This grant will support S.T.O.P.'s expansion of the Ban the Scan Campaign - a campaign to abolish the use of facial recognition technology in NYC. The campaign will include media engagement and community outreach via written materials, trainings and forums to educate community members on the use and harms of facial recognition. S.T.O.P. will also use its litigation and legislation experience to support three bills to ban facial recognition use by the local government, workplaces, and residential buildings.

For info on S.T.O.P.: https://www.stopspying.org/
For info on Ban the Scan: https://www.stopspying.org/ban-the-scan
For info on our Regional & Local Privacy Microgrants Fund: https://calyxinstitute.org/projects/regional-and-local-microgrant-fund

Microgrant: AEMP Landlord Tech Watch

We are excited to announce the Anti-Eviction Mapping Project (AEMP) as one of the recipients of our Regional and Local Privacy Microgrants! The AEMP is a volunteer-run housing justice collective using data visualization, critical cartography, and community organizing to fight dispossession and evictions upon gentrifying landscapes in San Francisco, Los Angeles, and New York City.

Landlord tech (aka “proptech”) refers to the products and platforms used to control and surveil residential spaces, subjecting tenants to new forms of housing injustice. In collaboration with other local organizations, the AEMP launched Landlord Tech Watch as a platform for information on harms associated with landlord technology. They also offer resources on tenant rights, toolkits for how to keep landlord tech out of one’s home, and the opportunity for residents to self-report how landlord tech is being deployed in their buildings and neighborhoods.

Our funding will support the research and writing of two reports on landlord tech harms in San Francisco and New York City - both epicenters of proptech development and deployment. These reports will hopefully empower tenants by providing useful information in understanding the harms, histories, and geographies of landlord tech in these cities. Ultimately, these studies aim to serve coalition, policy, and housing justice work in the fight against landlord tech abuse.

For info on the AEMP: antievictionmap.com
For info on Landlord Tech Watch: antievictionmappingproject.github.io/landlordtech
For info on our Regional and Local Privacy Microgrants Fund: calyxinstitute.org/projects/regional-and-local-microgrant-fund

Sustainer Membership Sign-Up Temporarily Suspended

Thanks so much for your interest in our Sustainer memberships, which include M2000 5G mobile hotspots. Supply chain issues have caused some delays in our ability to restock the M2000 hotspots, so new Sustainer membership sign-ups will be temporarily paused so we can prioritize fulfilling existing orders. We are working with our hardware provider to restock these hotspots so we can fulfill all existing orders and begin new Sustainer membership signups again ASAP. Thanks so much for bearing with us!

Targeted Advertising on Mobile

Mobile Advertising Is A Nightmare

Two recent studies in 2021, one from Oxford and one from University of Edinburgh, have attempted to develop metrics for how much advertising-related tracking of personal information and behavior actually happens on Android and iOS devices.

Shocking no one, the answer is: a lot. The first study compares the apps in iOS and Android, looking at the level of tracking and personal information that is gathered by these apps, much of it likely in violation of various privacy laws in the EU. The authors conclude that consolidation in the tracking industry means that few a companies (particularly Google, Apple, and Facebook) have extensive access to user activities, and Apple and Google have no incentive to reduce bad behavior among apps.

The second study examines various distributions of Android OS itself: how the different device manufacturers such as Samsung and Xiaomi include all sorts of tracking in the stock operating system that is included with their devices. CalyxOS has zero trackers built into the OS, although CalyxOS was not included in this study.

The Future of Mobile Advertising

Both Google and Apple have designed their operating systems to facilitate the process of turning your personal information into a revenue stream, for apps you have installed and ultimately for carriers, device manufacturers, and Google or Apple. This is not simply a question of advertising: the extent of the personal data accumulated for the purpose of marketing is truely staggering, and has increasing consequences in our everyday lives, including health care, insurance, credit, immigration, and incarceration.

After years of public criticism, both iOS and Android have gradually made it harder for app developers to track users without going through the recommended hoops. While it was once possible for normal apps to track users with immutable identifiers related to the device, such as the IMEI number, this is no longer possible.

For both iOS and Android, major changes are coming soon (or newly deployed) to make tracking user behavior across apps and platforms more difficult.

In iOS 14.5, users now have to opt-in to being tracked on a per-app basis (previously they could opt-out). In Android 12, the ability to opt-out of tracking will actually be enforced on a per-device basis (previously, the opt-out was just a flag sent to the apps, now the apps won’t get the tracking identifier).

The operating systems can enforce these changes because there are basically three identifiers that the vast majority of advertising networks and data brokers use to correlate user behavior and personal information:

  • Apple Advertising Identifier (IDFA): provided to each app by the OS on Apple devices and shared among all the apps.
  • Android Advertising ID (AAID): provided to each app by the Google Play Services on stock Android devices and shared among all the apps.
  • Facebook App User IDs: An additional unique identifier for a Facebook user account that can be used by the Facebook ad network if the app is privvy to the user ID (for example, if you used Facebook to authentication for the app or if you linked your account in any way).

The Google advertising network uses AAID (on both stock Android and iOS devices), Apple’s network uses IDFA (on iOS only), but most third party networks (including Facebook’s) can use all three. If you supply an app with an email address, or other unique identifier, that is certain to be used as well.

With the changes made by Google and Apple, there is likely to be attempts recover some of the lost revenue. As with websites, many apps may stop working if you have interest-based advertising disabled. Or, apps may attempt to track users by other means, such as building a unique fingerprint of the hardware by measuring slight variations in the sensors. Some website do this already with web browsers, allowing a website to uniquely identify a visitor even if all cookies are turned off (although this practice is not common). The use of any hardware-based identifiers for advertising tracking is strictly forbidden by the Google Play terms of service, but enforcement has always been lax.

Lest one think that Google and Apple are making these changes because of a sudden change in heart, the new privacy enhancements in their respective platforms have the consequence of limiting the information that advertisers have about your personal information, but not limiting how this information is retained by Google or Apple themselves, potentially increasing their strategic leverage over competitors.

How Does All This Relate to CalyxOS?

In CalyxOS, the Android Advertising ID (AAID) is always random, every single time an app requests the value. There is no way to turn off this behavior. Like it or not, CalyxOS prevents all tracking with the AAID, which has the effect of preventing most tracking by all ad networks and data brokers.

However, you will still see ads, and CalyxOS doesn’t do anything to prevent tracking through the Facebook ID.

With Android, if you want to block ads themselves you have two options:

  • rooted devices: install an app that modifies your system to block certain domains known to be used for tracking. This is a bad option, because running a device with root privileges completely undermines the security of your device. CalyxOS does not support this.
  • unrooted devices: install an app that sets up a fake VPN that filters out certain domains. This is also a bad option, because then you cannot run a real VPN.

For apps available in F-Droid, TrackerControl supports the VPN approach, and AdAway supports both rooted and VPN approaches. Additionally, there are numerous similar commercial apps available in Aurora Store.

In the future, CalyxOS will incorporate a simple way to block ads and tracking in apps, but in a way that does not require a rooted device and still works with VPN. This will allow you to both not see advertising in apps, and also prevent tracking that uses other networks that don’t rely on AAID.

One additional note: mobile carriers still have access to the hardware identifiers on Android and can use this to correlate hardware information with advertising IDs that might be reset. Verizon, for example, directly owns one of the largest advertising networks and is also the largest mobile carrier in the US. I have not seen research or reporting that answers the question of how Verizon uses it privileged position as a mobile carrier to enhance it’s ad network, but chances are they do. CalyxOS does not allow carrier apps with special access to hardware identifiers to be automatically installed (as is usually the case on stock Android), but these apps can still be installed manually through Aurora Store. The carrier obviously always knows most of the hardware identifiers, because that is how you connect to the mobile network, but the carrier only can tie this to your advertising identifier if they additionally have an app installed on the device.

CalyxOS Phones Available Again Soon

We're so excited about the tremendous interest that the world has shown in our CalyxOS phones, which we offer as part of our CalyxOS Privacy Defender membership. We're currently waiting for our next shipment of phones to arrive, so we expect to have them back in stock and available again as as part of our membership program soon!

Interested in new developments in cybersecurity? Check out our Medium page!

In our work developing free digital privacy technologies and partnering with other organizations who protect privacy and free speech, we often find ourselves at the right place at the right time to get "the inside scoop" on cybersecurity's cutting edge.

We're excited to bring that info to our members in the form of our Medium page, where we'll be posting deep-dive articles written by our staff about the tech, policy and people who are at the forefront of the digital privacy movement. It's a great place to learn about a new app to stay connected during an internet blackout, tools to make Tor accessible in countries experiencing extreme censorship, and much more!

As always, many thanks to our Calyx Institute members, whose generous donations make our mission of preserving and expanding digital privacy possible!